Stephen Magnani

IT Risk Assessment, IT Risk Analysis, IT Security Program Manager, IT Security Compliance and Governance

Bethpage, New York, United States

About

As an Information Security professional, I have the motivation and proven track record for coordinating successful global projects and programs, driving compliance, risk minimization and operational feasibility. I’ve taken leadership roles collaborating with cross-functional teams, including Technology, Risk & Control and Business constituents, to drive creative decisions based on the collective intelligence, to effectively and efficiently achieve objectives. My experience across multiple IS domains includes: Application Security, Cyber Security, Vulnerability Assessment analysis, Security Incident Response, Third-Party Risk Assessment, Asset Management, Access Management and Training & Awareness.

My experience includes:

  • IS Risk and Compliance adviser to a portfolio of 275 internally and externally hosted Consumer Business applications
  • Successfully closed FFIEC regulatory OCC and internal audit gaps by leading the first-ever implementation of the Suspicious Activity Monitoring (SAM) IS Governance program, including global policy and integrations to detective and preventative SIEM tools
  • Simultaneously took charge of the Multi-Factor Authentication (MFA) and Vulnerability Assessment (VA) IS Governance Programs, including global policies, metrics and management reviews; chaired weekly MFA/SAM committee and weekly working (VA) group calls
  • Developed and implemented a legal expense and legal reserve tracking system for internal board and external audit review, for the Consumer Bank
  • Managed the Consumer N.A. website registration process and control program
  • Led the development of an enterprise Matter Management program, which led to the establishment of an external legal counsel expense policy, dramatically reducing cost and improving payables

My specialties include: IS and Operational Risk Control, Identity and Data Privacy, Adaptive Authentication, Application Security, Cyber Security Monitoring, Regulatory Governance and Compliance Standards and Frameworks: NIST, ISO 27001, PCI-DSS, GLBA, GDPR

CONTACT ME AT: [email protected] (516) 476-0164

Experience

  • Altria (Remote)
    • Senior Security Supplier Risk Management Consultant
      Jun 2021 - Feb 2025 · 3 yrs 9 mos

      Focused on enhancing supplier risk management by evaluating and recommending third-party risk governance tools. Collaborated with Business Information Security Officers (BISOs) to analyze and reduce post-assessment risks, tracking actionable remediation in the Archer GRC tool; prepared and presented detailed monthly reports to senior IS management. My efforts contributed to more robust handling of the external third-party risk management strategy across various business units.

    • Third-Party Risk Assessor and Risk Analyst
      Jun 2021 - Feb 2025 · 3 yrs 9 mos

      • Evaluated updated NIST 800-53 v5 versus v4, and recommended the new framework to enhance the effectiveness of the Supplier Risk Management Program
      • Reviewed and presented a comparison of competing third-party assessment programs
      • Analyzed and mapped the separate assessment process for legal services suppliers to the standard security assessment and process for all other suppliers
      • Performed comprehensive risk assessments for numerous Altria suppliers, including first-ever assessments of direct material suppliers
      • Conducted risk analysis of Supplier Assessment responses and proposed risk ratings
      • Managed open issues in the GRC system (Archer) for remediation and risk reduction
      • Prepared monthly status reports for the Legal and Regulatory Science departments
      • Created and presented the SRM Late High-Risk Issues Dashboard to the CISO and BISO team

  • Citi (15 yrs 1 mo)
    • Senior Vice President-Global Information Security
      Jan 2014 - Feb 2021 · 7 yrs 2 mos

      • Global IS Policy Governance; closed FFIEC open finding within 5 months
      • Program Manager – Multi-Factor Authentication, Suspicious Activity Management, Vulnerability Assessment; maintained annual policy updates with enterprise stakeholder approval; modified procedures to maximize compliance with governance requirements
      • Application Security and Data Privacy
      • Risk & Control Management
      • Asset Management
      • Regulatory Compliance - FFIEC, GDPR, PSD2, PCI-DSS, SOX, MAS, CPRA

    • Sr. Business Information Security Manager
      Feb 2006 - Dec 2013 · 7 yrs 11 mos

      • IS Risk and Compliance
      • Application Vulnerability Risk Assessment
      • Managed business internal risk assessment system
      • N.A. Consumer Website Registration Administrator
      • Assessed and evaluated Third-Party Vendor Risk
      • Documented and defined root causes of all Security Incidents and Events

    • Business Information Security Officer
      Mar 2006 - Mar 2007 · 1 yr 1 mo

      • Deployed ‘Fast Track’ IS Initiatives program across 25 Sector business units
      • Investigated and documented Security Incidents
      • Conducted on-site IT/IS audits
      • Reviewed and approved system access, third-party contracts and data transfers

  • Global Consumer Sector Legal & Compliance Business Manager at Citigroup
    Jan 2000 - Dec 2005 · 6 yrs

    • Managed group financials, personnel and administrative functions for the Global Consumer Sector Legal/Compliance & Technology units
    • Developed and managed the global external legal expense and reserves reporting function
    • Project managed the enterprise Legal Matter Management application (managed the creation of the matter management system from an earlier role)
    • Coordinated third-party managed Ethical Hack tests and funding for the Global Consumer Group